Every year after Labor Day, I take a step back to survey the most important current trends and developments in the world of Directors’ and Officers’ liability and insurance. This year’s review is set out below. As the following discussion shows, this is a particularly interesting time in the world of D&O.
Will Securities Suit Filings Continue Ahead of Last Year’s Pace?
D&O insurers closely follow the statistics on the number of securities class action lawsuit filings. The number of annual filings can provide some indication of the insurers’ loss costs for the calendar year. The current filing patterns can also inform the insurers’ efforts to try to determine the profit-making price for their insurance product.
2023 was a notable year for securities class action lawsuit filings, as in 2023 the number of filings increased for the first time in four years. The elevated level of filings continued in the first half of 2024, as the number of securities class action lawsuits filed in the first six months of 2024 increased relative to the number of securities suits filed in the second half of 2023. According to a Cornerstone Research report (here), if the first-half pace were to continue for the rest of the year, the year-end 2024 total number of securities suit filings would be the highest annual number since 2020.
Several trends are driving the number of securities suit filings this year. As discussed in the next section, there have been a number of AI-related securities suit filings this year. Another factor has been the continued filing of SPAC-related securities suits, as also discussed below.
In addition, and contrary to expectations, COVID-related securities suits continue to be filed, even though we are now well into the fifth year since the initial outbreak of the coronavirus in the U.S. in March 2020. According to the Stanford Law School Securities Class Action Clearinghouse website (here), through August 24, 2024, there have been eleven COVID-related securities suit filings this year, the same number as during the full year 2023.
While the number of securities lawsuits filed is an interesting statistic, perhaps the more important statistic is the number of securities suits filed relative to the number of U.S.-listed public companies. This ratio provides a litigation rate and measures the overall chance of any given U.S.-listed company experiencing a securities class action lawsuit.
According to Cornerstone Research’s mid-year 2024 securities litigation report (here), the projected year-end 2024 litigation rate based on the filings during the year’s first six months was 4.0%, which would be up relative to the year-end 2023 rate of 3.3%, as well as above the year-end 2022 rate of 3.1%. The increasing annual litigation rate is arguably even more significant than the increasing overall number of securities suits, as it suggests an increased overall possibility for publicly traded companies to get hit with a securities suit.
For a more detailed analysis of the securities class action lawsuit filings in the first half of 2024, refer here.
How Significant of a Corporate and Securities Litigation Risk will AI Prove to Be?
One of the most important stories in the financial markets and indeed in the economy as a whole has been the emergence of artificial intelligence (AI) technology. While the much-anticipated AI technological transformation is still underway, AI-related litigation has already emerged. Some of the litigation has involved a diverse litany of concerns, including, for example, intellectual property issues. In addition, various kinds of AI-related corporate and securities lawsuits have arisen, as well, including securities class action litigation.
In its recent report on securities class action lawsuit filings in the first six months of 2024, Cornerstone Research detailed this filing trend involving AI-related securities litigation. The report noted that AI-related securities suit filings are not necessarily a new phenomenon; the report tracked AI-related lawsuit filings all the way back to 2020. According to the report and the Stanford Law School Securities Class Action Clearinghouse website (here), between 2020 and September 1, 2024, there were a total of 34 AI-related securities class action lawsuits filed, including nine in 2024 YTD alone.
The June 2024 lawsuit against robotic process automation company, UiPath, is representative of the recent AI-related securities suits. As discussed here, the complaint alleges that the company’s announced turnaround strategy, in which the company rebranded itself as an AI-powered Business Automation Platform, misrepresented the strategy’s likely prospects and success. Along the same lines, Israeli-based cosmetics internet platform Oddity Tech Ltd. was hit with an AI-related securities class action lawsuit in late July 2024, in which (as discussed here) the claimant alleges that the company overstated the extent to which AI processes and tools enhanced its delivery of consumer services.
Many of the AI-related lawsuits, like the two mentioned in the preceding paragraph, involve allegations that the company engaged in so-called “AI washing” – that is, the companies sought to promote themselves or their products and services by overstating their AI capabilities. Other AI-related lawsuits have also involved allegations that companies understated the operational and financial risks associated with the companies’ adoption of AI processes. For example, the securities lawsuit filed in March 2024 against security screening company Evolv included allegations that the company failed to disclose risks in the company’s adoption of AI technology in its security screening platform, as discussed here.
Concerns about AI-related disclosures have not only led to securities class action lawsuits, but they have also led to SEC enforcement actions as well. For example, in March 2024, the agency filed settled enforcement actions against two investment advisors that allegedly misled investors about the firms’ AI-enabled services. And, as discussed here, in June 2024, the agency filed an enforcement action against the CEO and Founder of Joonko Diversity, Inc., a private AI-based employee recruitment startup, alleging among other things that the individual made false AI-related claims about the company’s services. (Pertinent to the question of the scope of AI-related liability risks, it is worth noting that the SEC enforcement action was also accompanied by a parallel U.S. Department of Justice criminal securities fraud action against the Joonko founder, as well.)
The liability landscape relating to AI is further complicated by regulatory and legislative activity. First and foremost, and as discussed in detail here, on March 13, 2024, the European Parliament approved the adoption of the EU Artificial Intelligence Act, legislation that the Wall Street Journal, in a front-page article, called the “World’s First Comprehensive AI Law.” The sweeping law, the effectiveness of which will be staged-in over the next several years, will affect all companies deploying or using Artificial Intelligence (AI) in the EU. The sanctions involved in violating the Act are steep; for example, the fines associated with engaging in prohibited AI-related activity (e.g., using AI-enabled manipulative techniques, or using biometric data to infer private information) are €35 million or 7% of global turnover, whichever is greater. The liability risks associated with the Act are not limited just to the daunting prospect of regulatory fines and penalties; the liability risk may also involve the possibility of follow-on corporate and securities litigation for companies alleged to have violated the Act, as well.
There have also been AI-related legislative developments in the U.S. In May 2024, Colorado became the first state to adopt comprehensive AI-related legislation, as discussed here. The Act applies to companies doing business in Colorado that develop or use “high-risk artificial intelligence systems.” The Act requires both AI developers and deployers to use reasonable care to avoid algorithmic discrimination in their AI systems. The Act also requires developers and deployers to disclose use of “synthetic content.” The Colorado Act, which is to be enforced exclusively by the state’s attorney general, goes into effect in 2026.
In addition, in late August 2024, the California Assembly passed a first-of-its-kind bill that sets safety and security standards for large artificial intelligence models. As discussed in an August 28, 2024 Law360 article (here), the bill, which still must be approved by the California Senate and signed into law by the California governor, requires AI systems to adhere to standards ensuring the public’s safety, including engaging in pre-deployment safety testing and post-deployment monitoring, and putting safeguards in place to prevent the misuse of potentially dangerous capabilities.
In short, as companies attempt to navigate their way through the rapidly evolving technological environment, they also face a host of corporate and securities litigation-related risks, as well as a complex regulatory environment. The likelihood is that we will continue to see AI-related litigation, as well as regulatory enforcement action, in the months and years ahead.
What is ESG-Related D&O Risk Going to Look Like Going Forward?
ESG has always been a difficult topic to discuss, in large part because the three pillars – Environmental, Social, and Governance – are each so broad, especially so when taken collectively. In more recent years, the topic has been further complicated by what has been called the ESG backlash – that is, the growing opposition from certain political groups, that has been manifest in legislation, litigation, and through investor and activist pressure. For example, we are now to the point that a number of prominent companies, including, for example, Ford and Harley Davidson, are publicly scaling back their DEI initiatives, in response at least in part to pressure from conservative activist groups.
The activist efforts follow ESG backlash-related litigation and legislation as well. As a general matter, the anti-ESG litigation has not fared particularly well in the courts; however, in at least one prominent case, the anti-ESG lawsuit recently survived a motion to dismiss. As discussed here, in a February 21, 2024, ruling, the Northern District of Texas denied the motion to dismiss in a lawsuit filed by an American Airlines pilot alleging that the airline and its employee benefits committee violated their fiduciary duties under ERISA to the company’s 401(k) plan participants in connection with selection and retention of funds whose managers allegedly pursue non-economic ESG objectives rather than maximizing plan participants’ financial benefits. The dismissal motion denial highlights the fact that the ESG backlash litigation potentially represents a substantial threat to companies facing activist scrutiny.
As a result of conservative activists’ and politicians’ initiatives, numerous U.S. states have adopted anti-ESG legislation as well. Many of these state legislative initiatives aim to prohibit state pension funds and other state organizations from considering ESG factors in investment decisions. Some of these statutes have been challenged in court, and some have not survived judicial scrutiny. For example, as discussed here, in August 2024, a federal district court held that Missouri’s anti-ESG rules are preempted by federal law, violate the First Amendment, and are unconstitutionally vague.
At a minimum, due to the various activist initiatives, ESG has become a contentious, even provocative topic, to the point that some academics have suggested that perhaps it may be time to say RIP to ESG. But even though many of us may be done with ESG, it may not be done with us. The fact is that as a result of various legislative and regulatory developments, ESG is likely to be with us for some time to come.
First, on July 31, 2023, the European Commission adopted the first set of European Sustainability Reporting Standards (ESRS), which require EU and non-EU companies with specified levels of EU activity to file annual sustainability reports with their financial statements. The standards will soon become law and apply in all 27 EU Member states, with compliance requirements effective as early as 2025 for the 2024 reporting period. The ESRS set out detailed reporting requirements for EU companies, including general reporting requirements; a list of mandatory disclosure requirements related to the identification and governance of sustainability matters; and ten ESG-related topics on which disclosure is required, subject to a materiality assessment.
Second, in September 2023, as discussed at length here, the California legislature adopted two pieces of legislation, subsequently signed into law by the California governor, that will similarly impose significant disclosure obligations on a host of companies, including even those not based in California. Senate Bill 253, signed into law on October 7, 2023, requires Scopes 1, 2, and 3 greenhouse gas (GHG) emissions disclosures from all business entities “doing business” in California with revenues greater than $1 billion. Senate Bill 267, also signed into law on October 7, 2023, requires that on or before January 1, 2026, and every two years thereafter a “covered entity” must disclose its “climate-related financial risk” and measures taken to reduce and adapt to climate risk. A “covered entity” is a business with over $500 million in revenue and that does business in California.
Third, in March 2024, the SEC adopted its final climate change-related disclosure guidelines. As discussed here, the final guidelines are significantly watered down from the draft guidelines originally proposed; for example, the final guidelines do not require disclosure of so-called Scope 3 greenhouse gas emissions (GGE). However, even in their reduced form, the guidelines are quite comprehensive, with significant requirements concerning disclosures of climate change-related risk and risk mitigation efforts; as well as the reporting company’s processes for identifying and managing risk, including at the board level.
Significantly, both the California legislation and the SEC disclosure guidelines face court challenges. The SEC has in fact stayed the effectiveness of its climate change disclosure guidelines pending the outcome of the judicial consideration of the court challenge. The court review of the SEC’s guidelines comes in the wake of a series of U.S. Supreme Court rulings that impose significant restraints on administrative agencies’ enforcement actions and regulatory activities. It may well be that the SEC guidelines will not withstand scrutiny, and that the California statutes may be stricken as well. However, the EU reporting standards are going into effect as intended, and many reporting companies will have to comply with these standards.
It is also important to note that the ESG backlash litigation discussed above is not the only ESG-related litigation being filed these days. For example, as discussed here, in August 2024, the publishing and data company RELX was sued in a “greenwashing” lawsuit in which the claimant alleges the company misled investors about the company’s climate commitments and its climate-related actions. In addition, and also in August 2024, in a lawsuit involving the “S” ESG pillar, the online retail platform firm PDD was sued in a securities lawsuit in which it was alleged that the company allowed products made in China using forced labor to be sold on its platforms, as discussed here. In other words, notwithstanding the ESG backlash, companies are still being sued for failing to live up to the values that the ESG concept represents.
Indeed, regulators are also continuing to pursue enforcement actions that reflect ESG-supportive values. For example, in February 2024, the New York Attorney General sued the Brazilian meat company JBS in connection with the company’s sustainability claims, including specifically the company’s net zero claims, as discussed here. Similarly, as discussed here, the Australian securities regulator has brought, and in March 2024, won, a “greenwashing” enforcement action, in which the regulator established that Vanguard’s Australian affiliate made misleading statements about its ESG-sorting processes for one of its index funds.
In other words, notwithstanding the anti-ESG backlash, ESG-related issues are not going away any time soon. It may be that ESG-related initiatives as such may change; it may even be that the ESG label itself will fade as it becomes politically expedient to drop the term. But even if ESG by that name disappears, it seems likely that the underlying initiatives will continue. Companies will continue to face competing pressures both from events and from competing interest groups. And companies likely will continue to face litigation and other investor or activist group initiatives, relating to climate change, social justice, and corporate governance issues.
Are the D&O-Related Risks Associated with Cybersecurity About to Enter a New Phase?
Cybersecurity-related risks associated with D&O liability are not a new concern. There have been cybersecurity-related corporate and securities lawsuits for years. In some instances, these lawsuits have not fared particularly well; for example, the securities class action lawsuit filed in the wake of the massive Marriott data breach was dismissed, and the dismissal was affirmed on appeal. But there are notable exceptions to this generalization about the success rate of these cases; perhaps the most notable exception is the Alphabet Google+ data breach case, which in March 2024 settled for $350 million.
Settlements like the one in the Alphabet case will continue to motivate the plaintiffs’ lawyers, and indeed, as detailed on the Stanford Law School Securities Class Action Clearinghouse website (here), the plaintiffs’ lawyers have continued to file these kinds of suits. To be sure, while these kinds of lawsuits do continue to be filed, they have never really been filed in the volume that many have long expected. It seems that the circumstances involved when many companies announce a data breach lack a key factor the plaintiffs need to pursue these kinds of cases; that is, because the financial markets are so inured to news of a data breach, the share price of the target company often does not move significantly in response to news of the breach. The plaintiffs’ lawyers are simply less interested in a prospective lawsuit that does not involve a significant share price decline.
What has been interesting in recent months has been the way that the kinds of things the plaintiffs’ lawyers allege has changed. Arguably, this change has simply followed events.
First, in late July 2024, the cybersecurity firm CrowdStrike was hit with a securities class action lawsuit related to the massive global IT outage for which CrowdStrike is alleged to have had responsibility. The plaintiff in the case alleges that the company’s market capitalization fell by $12 billion in the wake of news surrounding the outage. The complaint alleges that during the class period, the defendants misled investors as they “repeatedly touted the efficacy” of the company’s Falcon software platform, “while assuring investors that CrowdStrike’s technology was ‘validated, tested, and certified.’”
It could be argued that the new CrowdStrike lawsuit is not a cybersecurity-related lawsuit, as it does not involve an intrusion or breach, nor does it involve a hostile actor. Nevertheless, the underlying incident did involve massive IT systems’ disruption – not in the defendant company’s own systems, but rather in the systems of the company’s customers and other third-parties. The involvement of the systems disruption does at some level make the new lawsuit network systems security-related. The absence of underlying hostile actions by a malicious third-party actor makes the lawsuit an interesting new variant in the evolution of network security-related litigation.
Second, in August 2024, the ecommerce company PDD Holdings (formerly known as Pinduoduo) was sued by investors in a securities class action lawsuit which alleges that apps that the company developed and maintains introduced malware into the company’s customers’ devices. The malware allegedly overrode the devices’ security controls and allegedly allowed the company to access user information on the devices, including text messages. When these allegations came to light in news reports, the company’s share price declined. The plaintiff in the case alleges, among other things, that the company misrepresented its protocols and processes for protecting user privacy and for complying with applicable privacy-related laws and regulations.
The new lawsuit against PDD also represents an interesting new variant in cybersecurity-related securities litigation. This new lawsuit also does not involve a hostile third-party actor, as no third-party action is alleged. Instead, the hostile actor involved allegedly is the defendant company itself, which allegedly installed malware on its customers’ devices. These two new cases reflect different types of circumstances not involving an intrusion or a hostile third-party actor but that nevertheless resulted in cybersecurity-related claims.
In addition to the changing trends in cybersecurity-related securities class action litigation, there have been developments in SEC cybersecurity-related enforcement activity as well.
First, in June 2024, the SEC announced that it had filed a settled enforcement action against the publishing firm R.R. Donnelley & Sons. The SEC alleged, in connection with a ransomware incident the company had experienced, that the company had failed to “design effective disclosure controls and procedures … related to the disclosure of cybersecurity risks and incidents.” The agency also alleged that the company had failed to “devise and maintain a system of cybersecurity-related internal accounting controls” sufficient to provide reasonable assurances that access to the company’s systems was appropriately controlled.
Second, in a July 2024 decision in the SEC’s enforcement action against SolarWinds, the district court presiding in the action dismissed a claim nearly identical to the one asserted in the R.R. Donnelley case. The court held that the failure to detect a cybersecurity deficiency cannot reasonably be construed as an accounting problem. The court held that internal accounting controls are controls to ensure that companies “accurately report, record, and reconcile financial transactions and events,” and a “cybersecurity control” does not “naturally” fit within the term “internal accounting controls.” The court dismissed the SEC’s allegations that the company had ineffective accounting controls. Though the court did allow some claims related to misleading statements in SolarWinds’ “Security Statement” to proceed, the court’s decision in the SolarWinds case is a setback in the SEC’s efforts to enforce corporate cybersecurity controls.
An additional development further affecting companies’ cybersecurity D&O risk involves the SEC’s cybersecurity disclosure guidelines. As discussed here, the SEC released its final cybersecurity guidelines in July 2023. The guidelines are complex but consist of two basic parts, cyber incident reporting guidelines, which went into effect in December 2023, and the risk management disclosure guidelines, which take effect for annual reporting documents filed after December 18, 2023. The cyber incident reporting guidelines require companies that experience a cyber incident to file a SEC report about the incident within four days after the companies have determined that the incident is material. The risk management guidelines require companies to disclose their process for managing cyber threats, including board oversight processes and the role of company management.
These new disclosure guidelines are now in effect. It remains to be seen how companies will adapt to these requirements. It also remains to be seen what effect these new requirements have on related SEC enforcement activity, as well as on related private securities class action litigation. Both categories of the guidelines’ requirements could lead to further cyber-related litigation. For example, companies that file reports compliant with the four-day requirement could find themselves second-guessed if later developments require the company to disclose different information than initially disclosed. By the same token, plaintiffs’ lawyers armed with hindsight, and knowing what weaknesses allow a cyber incident to occur, can look back at prior disclosures concerning the company’s risk management practices and allege that the company overstated its controls or understated its exposure to certain risks.
The upshot is that cybersecurity-related corporate and securities litigation, which has been a perennial concern for years now, is likely to remain a significant concern in the months ahead. Signs are, however, that the nature of the risks, and the litigation that may arise, have all changed – and will continue to change.
Where are we Now in the Wake of Last Year’s Banking Crisis?
It was only a short time ago, but it is already easy to forget that in the space of just a few weeks from March through May last year, three of the five largest bank failures in U.S. history occurred, in what has been called the Banking Crisis of 2023. At the outset, a wider banking crisis was feared, but the Treasury Department, the Federal Reserve and the FDIC acted forcefully, and, fortunately, the three bank failures in the end did not lead to a systemic event. But while an immediate crisis was averted, many of the underlying problems – interest rate pressure, stress in the commercial real estate sector – persisted, and have continued into 2024.
Signs earlier this year pointed to continuing stress in the banking sectors. For example, as discussed here, in February 2024, New York Community Bank Corporation was hit with a securities class action lawsuit after the bank announced steep increases in its loss reserves in its commercial real estate portfolio. Then, on April 26, 2024, banking regulators, in what was the first bank failure of 2024, closed Republic First Bank, a $6 billion asset Philadelphia-based bank. The Republic First closure was the largest bank failure since the three banks failed in spring 2023. Although there were several institution-specific factors that contributed to the bank’s closure, the company’s real estate portfolio was under stress and contributed to the bank’s woes.
On one level, one could conclude that since these incidents earlier in 2024, conditions have eased, and perhaps it could be time to sound the all-clear signal. After all, there have been no further securities suits filed along the lines of the NYCB lawsuit, and the Republic First closure is still the only bank failure to date in 2024. And yet, despite these reassuring signs, there are remaining concerns. Ongoing problems continue to weigh on many banks, particularly small and regional banks. Changing office space use patterns and the rise of hybrid work following the pandemic have changed tenants’ needs and requirements, putting stress on landlords and building owners. Landlords in many instances are having trouble servicing their debt, while at the same time building values are declining.
A May 28, 2024, paper by a Federal Reserve Bank of St. Louis economist entitled “Commercial Real Estate in Focus” (here) takes a detailed look at the current state of play in commercial real estate (CRE) and examines the implications for banks and thrifts that hold CRE debt. Given the extent of the institutions’ exposure to CRE debt, the author concludes that the CRE sector remains a “challenge for the banking system” with significant concerns for banks “if and when losses materialize.”
As the paper notes, U.S. banks remain significantly exposed to CRE debt, with much of the exposure concentrated in regional and community banks – roughly two-thirds of all CRE loans are held by banks with assets under $100 billion. Of perhaps greatest concern, roughly $1.7 trillion, or nearly 30% of the outstanding U.S. CRE debt, will mature from 2024 to 2026, a prospect known as the “maturity wall.” As these loans mature, they will be refinanced at higher interest rates, weighing on landlords’ profitability.
These concerns are compounded by the reduction in landlords’ incomes due to changing office space use patterns and increased vacancy rates. The paper notes that U.S. office vacancy rates in the first quarter of 2024 reached 19%, surpassing previous highs reached during the Great Recession and the COVID-19 recession. As a result of these weaknesses, CRE valuations are under pressure. According to one measure the paper’s author cites, the office sector commercial property index as of the first quarter of 2024 had declined 34% from its peak.
In other words, even though the Banking Crisis of 2023 seems to be in the rear-view mirror, the CRE market remains “a potential headwind for the U.S. economy in 2024.” Of concern to the banking sector is that so much of the outstanding CRE debt is concentrated at regional and community banks. As the paper’s author notes, for banks with high CRE concentrations, “there is a potential for liquidity concerns and capital deterioration if and when losses materialize.”
Clearly, it will be important to watch developments in the CRE sector going forward, particularly as the outstanding debt matures during the 2024-2026 timeframe. There may be reasons to hope that many of the worst dangers do not materialize – among other things, it appears that the Federal Reserve is on track to lower interest rates in the final months of 2024. However, weaknesses in the underlying fundamentals of the market, due to changing office space use patterns, are likely to persist and to weigh on the CRE sector and on the banks that hold the sector’s debt.
What’s Next for SPACs and Where Do Things Stand with Respect to SPAC-Related Litigation?
What a time it was. During 2020 and 2021, Special Purpose Acquisition Company (SPAC) IPOs were in an absolute frenzy. During this period, the number of SPAC IPOs surged, with 247 SPACs launched in 2020, and a staggering 612 in 2021. Since that time, the number of SPAC offerings has declined dramatically, in part because so many of the SPACs that completed offerings during that earlier period wound up liquidating rather than merging with private company partners; indeed, as many as a third of the SPACs that completed IPOs in the 2020-2021 time frame wound up liquidating (compared to a historical average of around 13% for SPACs issued from 2009 to 2019).
However, more recently, there have been favorable developments for SPACs. First and foremost, on January 24, 2024, the SEC adopted new rules for SPACs and de-SPACs. These new rules, which went into effect on July 1, 2024, broadly address investor protection concerns by enhancing disclosures and curtailing certain practices that were common during the SPAC IPO frenzy. There are signs that, at least in part as a result of these new protections, interest in SPACs may be returning. Indeed, there already have been nearly as many SPAC IPOs in 2024 as there were in the full year 2023, and there are a number of SPAC IPOs on the calendar for the final months of the year.
While there may be some reasons to be hopeful for the future of SPAC IPOs, there is still important legacy from the past to be worked out, and that is the leftover pile of SPAC-related litigation. By my count, there have been a total of 71 SPAC-related securities class action lawsuit filed since January 1, 2021, including as many as six in 2024 YTD alone.
In a guest post on this site (here), Yelena Dunaevsky and Theresa Milano of Woodruff Sawyer made the interesting observation that while these SPAC-related securities suits continue to be filed, as time has gone by, the nature of these lawsuits has changed. Over the last year, they note, the most recent lawsuits have nothing to do with the original SPAC or business combination. Rather, the claims have centered on the business failings of the operating company stemming from the recent market downturn or other non-SPAC-related business problems a year or two after the merger. The authors also reported that they found a litigation rate of about 18% of newly de-SPAC’d companies (as opposed to about a 13% rate for newly IPO’d companies). They also reported that in 2023, there were ten SPAC-related securities suit settlements totaling nearly $94 million.
While the SPAC-related securities class action litigation has been (and continues to be) interesting, perhaps the more interesting development has been the rise of Delaware breach of fiduciary duty SPAC-related litigation. These kinds of cases took off after the Delaware Court of Chancery’s ruling denying the motion to dismiss in the MultiPlan case. Indeed, these cases often are referred to, even by the Delaware courts, as MultiPlan cases. The essence of these kinds of cases is the allegation that investors’ ability to exercise their redemption rights at the time of the business combination was impaired by faulty proxy disclosures.
After a subsequent dismissal motion denial in a MultiPlan-type breach of fiduciary duty lawsuit in the Gig3 case, discussed here, news reports and commentary appeared expressing concern that the court’s rulings in MultiPlan and Gig3 might “open the floodgates” to similar kinds of lawsuits. The concerns were underscored by the fact that the MultiPlan case itself settled for $33.75 million.
The Delaware courts noticed that all of this was happening. In a May 31, 2024, opinion in the Hennessy Capital Acquisition Corp. IV case (discussed here), Vice Chancellor Lori Will expressed her exasperation with what she called “MultiPlan claims.” She noted with respect to these cases that “the success of a few cases begat a host of others,” such that these cases are, she said, “ubiquitous in Delaware.” In these cases, she noted, “remarkably similar complaints accuse SPAC directors of breaching their fiduciary duties based on flaws in years-old proxy statements that became problematic only when the combined company underperformed.” Vice Chancellor Will granted the defendants’ motion to dismiss in the Hennessy case, saying that “it cannot be fairly inferred that the defendants withheld knowable information material to public shareholders deciding whether or not to redeem or invest in the combined company. To allow this faulty claim to proceed would fuel perverse incentives and invite strike suits.”
Vice Chancellor Will’s comments in the Hennessy case will not only hearten defendants in similar cases pending in Delaware but may also even discourage plaintiffs’ lawyers from filing more of these kinds of cases in the future.
It might be hoped that this improving litigation picture might, along with the impact of the SEC’s new SPAC regulations, encourage the nascent SPAC IPO recovery. However, VC Will’s decision will have little relevance for many of the newer SPACs, as increasingly the SPACs are organized under the laws of the Cayman Islands, rather than under the laws of Delaware. Still, the shift in the case law direction signaled in the Hennessy decision will be helpful to the SPACs that are organized as Delaware corporations, and it could be interpreted to suggest that in the future SPACs may be spared cookie-cutter complaints making identical allegations.
How Will the U.S. Supreme Court Rule in the Key Securities Law Cases on Its Docket in the Upcoming Term?
The U.S. Supreme Court’s term that ended in June 2024 was an eventful one. The Court issued key opinions on a variety of topics, including, for example, Presidential immunity, gun control, and administrative agency rulemaking. The court also issued important decisions during the term on securities law issues.
First, as discussed here, on April 12, 2023, in a short, unanimous opinion written by Justice Sonia Sotomayor, in the Macquarie Infrastructure Corp. v. Moab Partners L.P. case, the U.S. Supreme Court held that a failure to disclose information required under Item 303 of Regulation S-K is, standing alone, not an actionable omission under Section 10(b) of the Exchange Act and Rule 10b-5 thereunder. The Supreme Court said that in the absence of an affirmative statement that is rendered misleading by the omission, an Item 303 violation alone is not sufficient to state a claim under Rule 10b-5. As the Supreme Court opinion put it in summarizing its decision, “pure omissions are not actionable under Rule 10b–5.”
Second, as discussed here, on June 27, 2024, in the case of SEC v. Jarkesy, the U.S. Supreme Court held, in an opinion written by Chief Justice John Roberts for a 6-3 court, that in light of the Seventh Amendment’s right to a jury trial, the SEC must pursue enforcement actions seeking civil penalties in a jury trial proceeding in federal court rather than in an action before an administrative law judge. The Court’s 6-3 ruling could have significant consequences for the many SEC enforcement actions now pending in the agency’s administrative tribunals, as well as for the agency’s pursuit of future enforcement actions. The Court’s ruling could also have important implications for other federal agencies’ use of administrative tribunals as well.
It is unusual for the Court to have two securities cases on its docket, as it did during the term that ended in June. As unusual as that was, however, it has happened again for the upcoming term, as the Court has again agreed to take up two more securities law cases.
It is always noteworthy when the Court agrees to take up a securities law case. Just the fact that the Court will be reviewing securities law issues raises the possibility that the Court might say or do something that has a significant impact on ongoing and future securities litigation. This possibility is increased with respect to the two cases the Court has agreed to consider for the upcoming term, given the significance of the issues that the cases present.
First, as discussed here, the Court has agreed to take up a case involving risk factor disclosures in connection with the alleged misuse of Facebook user data by Cambridge Analytica. The Facebook, Inc. v. Amalgamated Bank case will address a Circuit Court split on the question of what companies must disclose in their risk factors about past instances where risks materialized. As Facebook put it in its petition for writ of certiorari, the question the case presents is whether risk factor disclosures are misleading if they do not disclose past materializations of the risk even if the past event poses no current risk to the company’s ongoing or future business. The case itself is important because it raises important issues about potential securities law liabilities arising from privacy issues, and the Court’s consideration of the case could address important continuing concerns about corporate risk factor disclosures. Oral argument in the Facebook case is scheduled for November 6, 2024. The case should be decided before the end of the Court’s upcoming term, in June 2025.
Second, as discussed here, just days after the Court agreed to take up the Facebook case, the Court agreed to take up another securities law case, involving NVIDIA and raising important questions about the standards for pleading scienter and falsity under the PSLRA. The NVIDIA Corp. v. E. Ohman J:or Fonder AB case involves alleged fraud in connection with the company’s disclosures concerning its sales of graphics processing units (GPU) to cryptocurrency companies as a component of its overall GPU sales. The specific questions the case presents concern what and how a plaintiff must plead when pleading scienter and falsity. Because the case will address the PSLRA’s “exacting pleading requirements,” which are key components of every securities law lawsuit, the case potentially could prove to be very significant. The NVIDIA case is scheduled for argument on November 13, 2024, and should be decided before the end of the Court’s term in June 2025.
It will be interesting to see what unfolds in these two cases. Given the issues involved, both cases have the potential to significantly affect securities litigation in the U.S.
Will Plaintiffs’ Lawyers Continue to Pursue Breach of the Duty of Oversight Claims?
For many years, Delaware’s courts emphasized that duty of oversight claims (often known as Caremark claims) involve “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” However, in a line of cases beginning with the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, Delaware courts have sustained various plaintiffs’ assertion of breaches of the duty of oversight.
The high water mark for these kinds of cases arguably was the Boeing 737 Max air crash case, which survived a motion to dismiss and ultimately settled for $237.5 million (all of which was funded by D&O insurance). In the wake of the Boeing case, some commentators questioned whether Caremark cases really are the most difficult to sustain after all.
These events in turn encouraged more claimants to file duty of oversight claims, a development that clearly alarmed the Delaware courts. The more recent result has been a series of cases in which the Delaware Chancery Court has emphatically shot down would-be duty of oversight claims.
For example, as discussed here, last December, Vice Chancellor Lori Will granted the defendants’ motion to dismiss in the Segway case. Similarly, in February, and as discussed here, VC Will granted the defendants’ motion to dismiss in the Walgreens Boots Alliance case. These two cases are similar in that in each case the court emphasized the high bar to establish liability in Caremark cases.
It is noteworthy that the court in both the Segway case and the Walgreens case communicated alarm at the seeming proliferation of Caremark cases since the Delaware Supreme Court’s decision in Marchand v. Barnhill. In both cases the court seemed committed to underscoring how difficult it is for claimants to sustain Caremark claims. In the Segway case, the court went to great lengths to emphasize that the standard for stating a claim against a corporate officer for breach of the duty of oversight is as high as it is to state a claim against a corporate director. In the Walgreens case, the court bemoaned the “proliferation” of lawsuits alleging breach of the duty of oversight, observing that while there may be the “rare event” when directors “cross the red line of bad faith,” and liability can arise, “more harm than good comes about if Caremark claims are reflexively filed” whenever the company “encounters an adverse circumstance.”
In July 2024, in the Bricklayers Pension Fund of Western Pennsylvania v. Brinkley (Centene) case, Vice Chancellor Morgan Zurn granted the defendants’ motion to dismiss the plaintiff’s breach of the duty of oversight claims against the Centene board, in yet another opinion that emphasizes the high bar for Caremark liability. The board, she found, had accepted management’s statements that the compliance risks “were being handled,” and the board “did not make a conscious decision to violate the law,” adding that “A bad outcome, without more, does not equate to bad faith.”
This string of three decisions, in which the Delaware courts have shot down breach of the duty of oversight cases, may help alleviate what the Delaware courts themselves have described, with some alarm, as the “proliferation” of duty of oversight cases. This is significant as a general matter, but it also is significant for the prospects of future litigation involving many of the emerging issues discussed above in this blog post.
There has been a great deal of speculation amongst various commentators and observers that oversight duty breach cases could emerge from various kinds of current litigation risk exposures, such as, for example, with respect to cybersecurity, ESG, and AI. The courts’ opinions in these three cases seem to be intended to communicate to would-be oversight duty breach claimants “Not so fast.” If it was not clear before, it should be clear now that breach of the duty of oversight claims remain difficult to sustain. There would seem to be less reason now for plaintiffs’ lawyers to try to extend these kinds of claims to many of the currently emerging issues.
Will More Delaware Companies Seek to Reincorporate in Another State, and How Might That Affect D&O Liability and Insurance?
It is an idea that suddenly is all the rage – that companies should shake the Delaware dust off their feet and reincorporate elsewhere. Elon Musk famously said, in the wake of the Delaware Chancery Court’s decision voiding his $55.8 billion pay package, that he would seek to reincorporate Tesla in Texas. (SpaceX, also a Musk company, was in fact already reincorporated in Texas.) The former Attorney General William Barr and another GOP official published a Wall Street Journal column arguing that Delaware’s courts are driving corporations away (as discussed here), and suggesting that companies increasingly will find it more attractive to be incorporated in Nevada or another state. Some companies have indeed left Delaware and reincorporated elsewhere, including, for example, TripAdvisor. Why would a company change its state of incorporation from Delaware to another state? And does a company’s re-domestication from Delaware to another state have implications for the potential liability exposures of the company’s directors and officers?
As for the reasons why some Delaware corporations may be considering changing their state of incorporation, an April 23, 2024 memo from the Wilson Sonsini law firm succinctly catalogues the reasons for which some commentators are calling for the change: a growing number of cases, particularly in the M&A context, where Delaware’s courts have reached unexpected results; a perception that Delaware’s courts have adopted an increasingly suspicious or negative tone toward corporate boards and management; the challenges that Delaware case law can present for company founders or controlling shareholders; a sense that Delaware’s courts are skeptical of the governance of venture-backed private companies; and an increasingly active, and successful, plaintiffs’ bar.
These kinds of concerns have caused some commentators and corporate advisors to start considering other possibilities, with the states of Nevada and Texas among the states most prominently discussed. There is a reason why these two states tend to dominate the discussion of alternatives. Both states have implemented separate specialized business courts – Texas’s business courts will be up and operating in September 2024. In addition, as discussed in detail here, there arguably are important differences in the liability standards between these two states and Delaware. The standards for court review of board decision-making differ among the three states, and books and records requests are treated differently in the two states compared to Delaware.
There is no doubt that there are important differences between Delaware, on the one hand, and Texas and Nevada, on the other hand. There is, as I noted here, evidence to suggest that the liability exposures of corporate directors and officers are less in Nevada than in Delaware, and arguably even in Texas. To be sure, there is little Nevada case law to corroborate this view, and the track record in Texas is nowhere near as extensive as in Delaware.
However, as the Baker Botts law firm put it in an April 10, 2024, memo (here), “although each state’s corporation law is distinct, it bears reminding that at their foundation they are more alike than they are different.” The differences are incremental, not categorical. Each state, the Baker Botts memo notes, “imposes meaningful fiduciary duties on corporate officers and directors and provides courts and stockholders with means to ensure that those duties are followed.”
Just the same, some companies are going to reconsider re-domesticating from Delaware to another state. Some companies are in fact reincorporating. The fact that there are differences between the states’ legal systems gives rise to additional options, and the differences in systems may make them appropriate for some corporations to consider.
As these issues percolated earlier this year, some observers asked whether D&O insurers price differently for Delaware corporations than they do for companies incorporated in other states. It is my perception that D&O insurers are not making price adjustments based on a company’s state of incorporation. Moreover, in a competitive marketplace characterized by ample insurance capacity and falling prices (as discussed further below), insurers have little power to make subtle pricing adjustments on bases other than the broadest kinds of risk factors – e.g., industry, company size, and financial condition. So I don’t think insurers are, say, adding a Delaware pricing load or applying a Nevada discount.
Which is not to say that insurers might not move in this direction in the future. It could well be that if more companies join the re-domestication bandwagon, or if it becomes more clearly discernible that the differences in liability risks between Delaware and other states are not only perceptible but measurable, D&O insurers might start pricing the state of incorporation into the premium charged.
All of that said, I have to say that I don’t think there will be a massive conversion of Delaware corporations into companies domesticated in other states. Delaware does have the advantage of decades of experience as the central source of corporate law. The “predictability and comprehensiveness of Delaware law, as well as the perception of outside investors’ comfort with the law will,” according to the Baker Botts memo, “continue to attract most corporations for the foreseeable future.”
How Will the D&O Insurance Market Respond to All of these Developments, Changes, and Uncertainties?
When you consider all of the trends and uncertainties discussed above, you might well assume that D&O insurers would be taking a defensive approach to the business by raising prices. While this assumption would be reasonable given the circumstances, the D&O insurers are not, in fact, raising prices. To the contrary, the D&O insurance market remains competitive, with ample capacity, in a generally decreasing price environment.
To understand the current state of the D&O insurance marketplace, it is important to understand how we got where we are today.
From late 2018 through the end of 2021, the D&O insurance marketplace was in a so-called hard market. After years of underpricing and in a deteriorating claims environment, the D&O insurers were experiencing accumulating underwriting losses. As a result, during that period, most buyers saw their D&O insurance premiums increase, in some cases significantly.
The insurer-favorable hard market pricing environment attracted new capital and new market participants. The new players’ presence started to have an effect in 2022, as competition returned to the marketplace. Many buyers began to see their overall pricing for their D&O insurance decline, at least relative to the higher pricing that prevailed during the hard market.
The more competitive conditions that came into play in 2022 remain in effect. Many buyers continue to see reductions in the cost of their D&O insurance programs, particularly with respect to the excess layers. Of course, there are certain buyers who are seeing more elevated pricing (such as financially troubled companies or companies with a poor claims history), but many other buyers are seeing price decreases, in some cases significant price decreases.
Insurance is a cyclical business, and it is always difficult to predict in advance when the insurance market is going to move to the next phase in the cycle. There are voices in the D&O space (as there always are when the insurance market is in the soft phase of the cycle) saying that the price decreases have gone too far and have fallen below risk-based pricing levels. Perhaps these concerns could cause the D&O insurance market to shift to the next phase of the cycle, but it is important to remember that at least historically the soft market phase of the cycle generally lasts a lot longer than the infrequent and usually brief hard phases of the cycle.
The laws of supply and demand generally control the insurance marketplace, and at the current moment supply remains ample. For the moment, at least, competitive conditions remain in effect, and it remains a favorable pricing environment for D&O insurance buyers. What the future may bring remains to be seen.